Description
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02
Scores
CVSS v3
5.4
EPSS
0.0038
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (11)
schneider-electric/bmxnoc0401_firmware
schneider-electric/bmxnoe0100_firmware
schneider-electric/bmxnoe0110_firmware
schneider-electric/bmxnoe0110h_firmware
schneider-electric/bmxnor0200h_firmware
schneider-electric/modicon_m340_bmxp342020_firmware
schneider-electric/modicon_m340_bmxp342020h_firmware
schneider-electric/modicon_m340_bmxp3420302_firmware
schneider-electric/modicon_m340_bmxp3420302h_firmware
schneider-electric/modicon_m340_bmxp342030_firmware
... and 1 more
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026